Using Microsoft Azure AD for API Authentication with Rails and Warden - azure_ad_json_web_token.rb

azure_ad_json_web_token.rb

class AzureAdJsonWebToken
  def self.rsa_key
    url = URI.parse('https://login.windows.net/common/discovery/keys')
    key_file = JSON.parse(Net::HTTP.get(url))
    x5c = Base64.decode64(key_file['keys'][0]['x5c'][0])
    OpenSSL::X509::Certificate.new(x5c).public_key
  end

  def self.aud
    ENV['aud']
  end

  def self.iss
    ENV['iss']
  end

  def self.decode(token)
    JWT.decode(token, rsa_key, true, { algorithm: 'RS256',
                                       aud: aud,
                                       verify_aud: true,
                                       iss: iss,
                                       verify_iss: true })
  end
end